[linux.git] / fs / efivarfs / vars.c

// SPDX-License-Identifier: GPL-2.0+
/*
 * Originally from efivars.c
 *
 * Copyright (C) 2001,2003,2004 Dell <[email protected]>
 * Copyright (C) 2004 Intel Corporation <[email protected]>
 */

#include <linux/capability.h>
#include <linux/types.h>
#include <linux/errno.h>
#include <linux/init.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/string.h>
#include <linux/smp.h>
#include <linux/efi.h>
#include <linux/device.h>
#include <linux/slab.h>
#include <linux/ctype.h>
#include <linux/ucs2_string.h>

#include "internal.h"

MODULE_IMPORT_NS(EFIVAR);

static bool
validate_device_path(efi_char16_t *var_name, int match, u8 *buffer,
		     unsigned long len)
{
	struct efi_generic_dev_path *node;
	int offset = 0;

	node = (struct efi_generic_dev_path *)buffer;

	if (len < sizeof(*node))
		return false;

	while (offset <= len - sizeof(*node) &&
	       node->length >= sizeof(*node) &&
		node->length <= len - offset) {
		offset += node->length;

		if ((node->type == EFI_DEV_END_PATH ||
		     node->type == EFI_DEV_END_PATH2) &&
		    node->sub_type == EFI_DEV_END_ENTIRE)
			return true;

		node = (struct efi_generic_dev_path *)(buffer + offset);
	}

	/*
	 * If we're here then either node->length pointed past the end
	 * of the buffer or we reached the end of the buffer without
	 * finding a device path end node.
	 */
	return false;
}

static bool
validate_boot_order(efi_char16_t *var_name, int match, u8 *buffer,
		    unsigned long len)
{
	/* An array of 16-bit integers */
	if ((len % 2) != 0)
		return false;

	return true;
}

static bool
validate_load_option(efi_char16_t *var_name, int match, u8 *buffer,
		     unsigned long len)
{
	u16 filepathlength;
	int i, desclength = 0, namelen;

	namelen = ucs2_strnlen(var_name, EFI_VAR_NAME_LEN);

	/* Either "Boot" or "Driver" followed by four digits of hex */
	for (i = match; i < match+4; i++) {
		if (var_name[i] > 127 ||
		    hex_to_bin(var_name[i] & 0xff) < 0)
			return true;
	}

	/* Reject it if there's 4 digits of hex and then further content */
	if (namelen > match + 4)
		return false;

	/* A valid entry must be at least 8 bytes */
	if (len < 8)
		return false;

	filepathlength = buffer[4] | buffer[5] << 8;

	/*
	 * There's no stored length for the description, so it has to be
	 * found by hand
	 */
	desclength = ucs2_strsize((efi_char16_t *)(buffer + 6), len - 6) + 2;

	/* Each boot entry must have a descriptor */
	if (!desclength)
		return false;

	/*
	 * If the sum of the length of the description, the claimed filepath
	 * length and the original header are greater than the length of the
	 * variable, it's malformed
	 */
	if ((desclength + filepathlength + 6) > len)
		return false;

	/*
	 * And, finally, check the filepath
	 */
	return validate_device_path(var_name, match, buffer + desclength + 6,
				    filepathlength);
}

static bool
validate_uint16(efi_char16_t *var_name, int match, u8 *buffer,
		unsigned long len)
{
	/* A single 16-bit integer */
	if (len != 2)
		return false;

	return true;
}

static bool
validate_ascii_string(efi_char16_t *var_name, int match, u8 *buffer,
		      unsigned long len)
{
	int i;

	for (i = 0; i < len; i++) {
		if (buffer[i] > 127)
			return false;

		if (buffer[i] == 0)
			return true;
	}

	return false;
}

struct variable_validate {
	efi_guid_t vendor;
	char *name;
	bool (*validate)(efi_char16_t *var_name, int match, u8 *data,
			 unsigned long len);
};

/*
 * This is the list of variables we need to validate, as well as the
 * whitelist for what we think is safe not to default to immutable.
 *
 * If it has a validate() method that's not NULL, it'll go into the
 * validation routine.  If not, it is assumed valid, but still used for
 * whitelisting.
 *
 * Note that it's sorted by {vendor,name}, but globbed names must come after
 * any other name with the same prefix.
 */
static const struct variable_validate variable_validate[] = {
	{ EFI_GLOBAL_VARIABLE_GUID, "BootNext", validate_uint16 },
	{ EFI_GLOBAL_VARIABLE_GUID, "BootOrder", validate_boot_order },
	{ EFI_GLOBAL_VARIABLE_GUID, "Boot*", validate_load_option },
	{ EFI_GLOBAL_VARIABLE_GUID, "DriverOrder", validate_boot_order },
	{ EFI_GLOBAL_VARIABLE_GUID, "Driver*", validate_load_option },
	{ EFI_GLOBAL_VARIABLE_GUID, "ConIn", validate_device_path },
	{ EFI_GLOBAL_VARIABLE_GUID, "ConInDev", validate_device_path },
	{ EFI_GLOBAL_VARIABLE_GUID, "ConOut", validate_device_path },
	{ EFI_GLOBAL_VARIABLE_GUID, "ConOutDev", validate_device_path },
	{ EFI_GLOBAL_VARIABLE_GUID, "ErrOut", validate_device_path },
	{ EFI_GLOBAL_VARIABLE_GUID, "ErrOutDev", validate_device_path },
	{ EFI_GLOBAL_VARIABLE_GUID, "Lang", validate_ascii_string },
	{ EFI_GLOBAL_VARIABLE_GUID, "OsIndications", NULL },
	{ EFI_GLOBAL_VARIABLE_GUID, "PlatformLang", validate_ascii_string },
	{ EFI_GLOBAL_VARIABLE_GUID, "Timeout", validate_uint16 },
	{ LINUX_EFI_CRASH_GUID, "*", NULL },
	{ NULL_GUID, "", NULL },
};

/*
 * Check if @var_name matches the pattern given in @match_name.
 *
 * @var_name: an array of @len non-NUL characters.
 * @match_name: a NUL-terminated pattern string, optionally ending in "*". A
 *              final "*" character matches any trailing characters @var_name,
 *              including the case when there are none left in @var_name.
 * @match: on output, the number of non-wildcard characters in @match_name
 *         that @var_name matches, regardless of the return value.
 * @return: whether @var_name fully matches @match_name.
 */
static bool
variable_matches(const char *var_name, size_t len, const char *match_name,
		 int *match)
{
	for (*match = 0; ; (*match)++) {
		char c = match_name[*match];

		switch (c) {
		case '*':
			/* Wildcard in @match_name means we've matched. */
			return true;

		case '\0':
			/* @match_name has ended. Has @var_name too? */
			return (*match == len);

		default:
			/*
			 * We've reached a non-wildcard char in @match_name.
			 * Continue only if there's an identical character in
			 * @var_name.
			 */
			if (*match < len && c == var_name[*match])
				continue;
			return false;
		}
	}
}

bool
efivar_validate(efi_guid_t vendor, efi_char16_t *var_name, u8 *data,
		unsigned long data_size)
{
	int i;
	unsigned long utf8_size;
	u8 *utf8_name;

	utf8_size = ucs2_utf8size(var_name);
	utf8_name = kmalloc(utf8_size + 1, GFP_KERNEL);
	if (!utf8_name)
		return false;

	ucs2_as_utf8(utf8_name, var_name, utf8_size);
	utf8_name[utf8_size] = '\0';

	for (i = 0; variable_validate[i].name[0] != '\0'; i++) {
		const char *name = variable_validate[i].name;
		int match = 0;

		if (efi_guidcmp(vendor, variable_validate[i].vendor))
			continue;

		if (variable_matches(utf8_name, utf8_size+1, name, &match)) {
			if (variable_validate[i].validate == NULL)
				break;
			kfree(utf8_name);
			return variable_validate[i].validate(var_name, match,
							     data, data_size);
		}
	}
	kfree(utf8_name);
	return true;
}

bool
efivar_variable_is_removable(efi_guid_t vendor, const char *var_name,
			     size_t len)
{
	int i;
	bool found = false;
	int match = 0;

	/*
	 * Check if our variable is in the validated variables list
	 */
	for (i = 0; variable_validate[i].name[0] != '\0'; i++) {
		if (efi_guidcmp(variable_validate[i].vendor, vendor))
			continue;

		if (variable_matches(var_name, len,
				     variable_validate[i].name, &match)) {
			found = true;
			break;
		}
	}

	/*
	 * If it's in our list, it is removable.
	 */
	return found;
}

static bool variable_is_present(efi_char16_t *variable_name, efi_guid_t *vendor,
				struct list_head *head)
{
	struct efivar_entry *entry, *n;
	unsigned long strsize1, strsize2;
	bool found = false;

	strsize1 = ucs2_strsize(variable_name, 1024);
	list_for_each_entry_safe(entry, n, head, list) {
		strsize2 = ucs2_strsize(entry->var.VariableName, 1024);
		if (strsize1 == strsize2 &&
			!memcmp(variable_name, &(entry->var.VariableName),
				strsize2) &&
			!efi_guidcmp(entry->var.VendorGuid,
				*vendor)) {
			found = true;
			break;
		}
	}
	return found;
}

/*
 * Returns the size of variable_name, in bytes, including the
 * terminating NULL character, or variable_name_size if no NULL
 * character is found among the first variable_name_size bytes.
 */
static unsigned long var_name_strnsize(efi_char16_t *variable_name,
				       unsigned long variable_name_size)
{
	unsigned long len;
	efi_char16_t c;

	/*
	 * The variable name is, by definition, a NULL-terminated
	 * string, so make absolutely sure that variable_name_size is
	 * the value we expect it to be. If not, return the real size.
	 */
	for (len = 2; len <= variable_name_size; len += sizeof(c)) {
		c = variable_name[(len / sizeof(c)) - 1];
		if (!c)
			break;
	}

	return min(len, variable_name_size);
}

/*
 * Print a warning when duplicate EFI variables are encountered and
 * disable the sysfs workqueue since the firmware is buggy.
 */
static void dup_variable_bug(efi_char16_t *str16, efi_guid_t *vendor_guid,
			     unsigned long len16)
{
	size_t i, len8 = len16 / sizeof(efi_char16_t);
	char *str8;

	str8 = kzalloc(len8, GFP_KERNEL);
	if (!str8)
		return;

	for (i = 0; i < len8; i++)
		str8[i] = str16[i];

	printk(KERN_WARNING "efivars: duplicate variable: %s-%pUl\n",
	       str8, vendor_guid);
	kfree(str8);
}

/**
 * efivar_init - build the initial list of EFI variables
 * @func: callback function to invoke for every variable
 * @data: function-specific data to pass to @func
 * @head: initialised head of variable list
 *
 * Get every EFI variable from the firmware and invoke @func. @func
 * should call efivar_entry_add() to build the list of variables.
 *
 * Returns 0 on success, or a kernel error code on failure.
 */
int efivar_init(int (*func)(efi_char16_t *, efi_guid_t, unsigned long, void *,
			    struct list_head *),
		void *data, struct list_head *head)
{
	unsigned long variable_name_size = 512;
	efi_char16_t *variable_name;
	efi_status_t status;
	efi_guid_t vendor_guid;
	int err = 0;

	variable_name = kzalloc(variable_name_size, GFP_KERNEL);
	if (!variable_name) {
		printk(KERN_ERR "efivars: Memory allocation failed.\n");
		return -ENOMEM;
	}

	err = efivar_lock();
	if (err)
		goto free;

	/*
	 * A small set of old UEFI implementations reject sizes
	 * above a certain threshold, the lowest seen in the wild
	 * is 512.
	 */

	do {
		variable_name_size = 512;

		status = efivar_get_next_variable(&variable_name_size,
						  variable_name,
						  &vendor_guid);
		switch (status) {
		case EFI_SUCCESS:
			variable_name_size = var_name_strnsize(variable_name,
							       variable_name_size);

			/*
			 * Some firmware implementations return the
			 * same variable name on multiple calls to
			 * get_next_variable(). Terminate the loop
			 * immediately as there is no guarantee that
			 * we'll ever see a different variable name,
			 * and may end up looping here forever.
			 */
			if (variable_is_present(variable_name, &vendor_guid,
						head)) {
				dup_variable_bug(variable_name, &vendor_guid,
						 variable_name_size);
				status = EFI_NOT_FOUND;
			} else {
				err = func(variable_name, vendor_guid,
					   variable_name_size, data, head);
				if (err)
					status = EFI_NOT_FOUND;
			}
			break;
		case EFI_UNSUPPORTED:
			err = -EOPNOTSUPP;
			status = EFI_NOT_FOUND;
			break;
		case EFI_NOT_FOUND:
			break;
		case EFI_BUFFER_TOO_SMALL:
			pr_warn("efivars: Variable name size exceeds maximum (%lu > 512)\n",
				variable_name_size);
			status = EFI_NOT_FOUND;
			break;
		default:
			pr_warn("efivars: get_next_variable: status=%lx\n", status);
			status = EFI_NOT_FOUND;
			break;
		}

	} while (status != EFI_NOT_FOUND);

	efivar_unlock();
free:
	kfree(variable_name);

	return err;
}

/**
 * efivar_entry_add - add entry to variable list
 * @entry: entry to add to list
 * @head: list head
 *
 * Returns 0 on success, or a kernel error code on failure.
 */
int efivar_entry_add(struct efivar_entry *entry, struct list_head *head)
{
	int err;

	err = efivar_lock();
	if (err)
		return err;
	list_add(&entry->list, head);
	efivar_unlock();

	return 0;
}

/**
 * __efivar_entry_add - add entry to variable list
 * @entry: entry to add to list
 * @head: list head
 */
void __efivar_entry_add(struct efivar_entry *entry, struct list_head *head)
{
	list_add(&entry->list, head);
}

/**
 * efivar_entry_remove - remove entry from variable list
 * @entry: entry to remove from list
 *
 * Returns 0 on success, or a kernel error code on failure.
 */
void efivar_entry_remove(struct efivar_entry *entry)
{
	list_del(&entry->list);
}

/*
 * efivar_entry_list_del_unlock - remove entry from variable list
 * @entry: entry to remove
 *
 * Remove @entry from the variable list and release the list lock.
 *
 * NOTE: slightly weird locking semantics here - we expect to be
 * called with the efivars lock already held, and we release it before
 * returning. This is because this function is usually called after
 * set_variable() while the lock is still held.
 */
static void efivar_entry_list_del_unlock(struct efivar_entry *entry)
{
	list_del(&entry->list);
	efivar_unlock();
}

/**
 * efivar_entry_delete - delete variable and remove entry from list
 * @entry: entry containing variable to delete
 *
 * Delete the variable from the firmware and remove @entry from the
 * variable list. It is the caller's responsibility to free @entry
 * once we return.
 *
 * Returns 0 on success, -EINTR if we can't grab the semaphore,
 * converted EFI status code if set_variable() fails.
 */
int efivar_entry_delete(struct efivar_entry *entry)
{
	efi_status_t status;
	int err;

	err = efivar_lock();
	if (err)
		return err;

	status = efivar_set_variable_locked(entry->var.VariableName,
					    &entry->var.VendorGuid,
					    0, 0, NULL, false);
	if (!(status == EFI_SUCCESS || status == EFI_NOT_FOUND)) {
		efivar_unlock();
		return efi_status_to_err(status);
	}

	efivar_entry_list_del_unlock(entry);
	return 0;
}

/**
 * efivar_entry_size - obtain the size of a variable
 * @entry: entry for this variable
 * @size: location to store the variable's size
 */
int efivar_entry_size(struct efivar_entry *entry, unsigned long *size)
{
	efi_status_t status;
	int err;

	*size = 0;

	err = efivar_lock();
	if (err)
		return err;

	status = efivar_get_variable(entry->var.VariableName,
				     &entry->var.VendorGuid, NULL, size, NULL);
	efivar_unlock();

	if (status != EFI_BUFFER_TOO_SMALL)
		return efi_status_to_err(status);

	return 0;
}

/**
 * __efivar_entry_get - call get_variable()
 * @entry: read data for this variable
 * @attributes: variable attributes
 * @size: size of @data buffer
 * @data: buffer to store variable data
 *
 * The caller MUST call efivar_entry_iter_begin() and
 * efivar_entry_iter_end() before and after the invocation of this
 * function, respectively.
 */
int __efivar_entry_get(struct efivar_entry *entry, u32 *attributes,
		       unsigned long *size, void *data)
{
	efi_status_t status;

	status = efivar_get_variable(entry->var.VariableName,
				     &entry->var.VendorGuid,
				     attributes, size, data);

	return efi_status_to_err(status);
}

/**
 * efivar_entry_get - call get_variable()
 * @entry: read data for this variable
 * @attributes: variable attributes
 * @size: size of @data buffer
 * @data: buffer to store variable data
 */
int efivar_entry_get(struct efivar_entry *entry, u32 *attributes,
		     unsigned long *size, void *data)
{
	int err;

	err = efivar_lock();
	if (err)
		return err;
	err = __efivar_entry_get(entry, attributes, size, data);
	efivar_unlock();

	return 0;
}

/**
 * efivar_entry_set_get_size - call set_variable() and get new size (atomic)
 * @entry: entry containing variable to set and get
 * @attributes: attributes of variable to be written
 * @size: size of data buffer
 * @data: buffer containing data to write
 * @set: did the set_variable() call succeed?
 *
 * This is a pretty special (complex) function. See efivarfs_file_write().
 *
 * Atomically call set_variable() for @entry and if the call is
 * successful, return the new size of the variable from get_variable()
 * in @size. The success of set_variable() is indicated by @set.
 *
 * Returns 0 on success, -EINVAL if the variable data is invalid,
 * -ENOSPC if the firmware does not have enough available space, or a
 * converted EFI status code if either of set_variable() or
 * get_variable() fail.
 *
 * If the EFI variable does not exist when calling set_variable()
 * (EFI_NOT_FOUND), @entry is removed from the variable list.
 */
int efivar_entry_set_get_size(struct efivar_entry *entry, u32 attributes,
			      unsigned long *size, void *data, bool *set)
{
	efi_char16_t *name = entry->var.VariableName;
	efi_guid_t *vendor = &entry->var.VendorGuid;
	efi_status_t status;
	int err;

	*set = false;

	if (efivar_validate(*vendor, name, data, *size) == false)
		return -EINVAL;

	/*
	 * The lock here protects the get_variable call, the conditional
	 * set_variable call, and removal of the variable from the efivars
	 * list (in the case of an authenticated delete).
	 */
	err = efivar_lock();
	if (err)
		return err;

	status = efivar_set_variable_locked(name, vendor, attributes, *size,
					    data, false);
	if (status != EFI_SUCCESS) {
		err = efi_status_to_err(status);
		goto out;
	}

	*set = true;

	/*
	 * Writing to the variable may have caused a change in size (which
	 * could either be an append or an overwrite), or the variable to be
	 * deleted. Perform a GetVariable() so we can tell what actually
	 * happened.
	 */
	*size = 0;
	status = efivar_get_variable(entry->var.VariableName,
				    &entry->var.VendorGuid,
				    NULL, size, NULL);

	if (status == EFI_NOT_FOUND)
		efivar_entry_list_del_unlock(entry);
	else
		efivar_unlock();

	if (status && status != EFI_BUFFER_TOO_SMALL)
		return efi_status_to_err(status);

	return 0;

out:
	efivar_unlock();
	return err;

}

/**
 * efivar_entry_iter - iterate over variable list
 * @func: callback function
 * @head: head of variable list
 * @data: function-specific data to pass to callback
 *
 * Iterate over the list of EFI variables and call @func with every
 * entry on the list. It is safe for @func to remove entries in the
 * list via efivar_entry_delete() while iterating.
 *
 * Some notes for the callback function:
 *  - a non-zero return value indicates an error and terminates the loop
 *  - @func is called from atomic context
 */
int efivar_entry_iter(int (*func)(struct efivar_entry *, void *),
		      struct list_head *head, void *data)
{
	struct efivar_entry *entry, *n;
	int err = 0;

	err = efivar_lock();
	if (err)
		return err;

	list_for_each_entry_safe(entry, n, head, list) {
		err = func(entry, data);
		if (err)
			break;
	}
	efivar_unlock();

	return err;
}
Commit	Line	Data
2d82e622 AB	1	// SPDX-License-Identifier: GPL-2.0+
	2	/*
	3	* Originally from efivars.c
	4	*
	5	* Copyright (C) 2001,2003,2004 Dell <[email protected]>
	6	* Copyright (C) 2004 Intel Corporation <[email protected]>
	7	*/
	8
	9	#include <linux/capability.h>
	10	#include <linux/types.h>
	11	#include <linux/errno.h>
	12	#include <linux/init.h>
	13	#include <linux/mm.h>
	14	#include <linux/module.h>
	15	#include <linux/string.h>
	16	#include <linux/smp.h>
	17	#include <linux/efi.h>
	18	#include <linux/device.h>
	19	#include <linux/slab.h>
	20	#include <linux/ctype.h>
	21	#include <linux/ucs2_string.h>
	22
	23	#include "internal.h"
	24
	25	MODULE_IMPORT_NS(EFIVAR);
	26
	27	static bool
	28	validate_device_path(efi_char16_t var_name, int match, u8 buffer,
	29	unsigned long len)
	30	{
	31	struct efi_generic_dev_path *node;
	32	int offset = 0;
	33
	34	node = (struct efi_generic_dev_path *)buffer;
	35
	36	if (len < sizeof(*node))
	37	return false;
	38
	39	while (offset <= len - sizeof(*node) &&
	40	node->length >= sizeof(*node) &&
	41	node->length <= len - offset) {
	42	offset += node->length;
	43
	44	if ((node->type == EFI_DEV_END_PATH \|\|
	45	node->type == EFI_DEV_END_PATH2) &&
	46	node->sub_type == EFI_DEV_END_ENTIRE)
	47	return true;
	48
	49	node = (struct efi_generic_dev_path *)(buffer + offset);
	50	}
	51
	52	/*
	53	* If we're here then either node->length pointed past the end
	54	* of the buffer or we reached the end of the buffer without
	55	* finding a device path end node.
	56	*/
	57	return false;
	58	}
	59
	60	static bool
	61	validate_boot_order(efi_char16_t var_name, int match, u8 buffer,
	62	unsigned long len)
	63	{
	64	/* An array of 16-bit integers */
65	if ((len % 2) != 0)
66	return false;
67
68	return true;
69	}
70
71	static bool
72	validate_load_option(efi_char16_t var_name, int match, u8 buffer,
73	unsigned long len)
74	{
75	u16 filepathlength;
76	int i, desclength = 0, namelen;
77
78	namelen = ucs2_strnlen(var_name, EFI_VAR_NAME_LEN);
79
80	/* Either "Boot" or "Driver" followed by four digits of hex */
81	for (i = match; i < match+4; i++) {
82	if (var_name[i] > 127 \|\|
83	hex_to_bin(var_name[i] & 0xff) < 0)
84	return true;
85	}
86
87	/* Reject it if there's 4 digits of hex and then further content */
88	if (namelen > match + 4)
89	return false;
90
91	/* A valid entry must be at least 8 bytes */
92	if (len < 8)
93	return false;
94
95	filepathlength = buffer[4] \| buffer[5] << 8;
96
97	/*
98	* There's no stored length for the description, so it has to be
99	* found by hand
100	*/
101	desclength = ucs2_strsize((efi_char16_t *)(buffer + 6), len - 6) + 2;
102
103	/* Each boot entry must have a descriptor */
104	if (!desclength)
105	return false;
106
107	/*
108	* If the sum of the length of the description, the claimed filepath
109	* length and the original header are greater than the length of the
110	* variable, it's malformed
111	*/
112	if ((desclength + filepathlength + 6) > len)
113	return false;
114
115	/*
116	* And, finally, check the filepath
117	*/
118	return validate_device_path(var_name, match, buffer + desclength + 6,
119	filepathlength);
120	}
121
122	static bool
123	validate_uint16(efi_char16_t var_name, int match, u8 buffer,
124	unsigned long len)
125	{
126	/* A single 16-bit integer */
127	if (len != 2)
128	return false;
129
130	return true;
131	}
132
133	static bool
134	validate_ascii_string(efi_char16_t var_name, int match, u8 buffer,
135	unsigned long len)
136	{
137	int i;
138
139	for (i = 0; i < len; i++) {
140	if (buffer[i] > 127)
141	return false;
142
143	if (buffer[i] == 0)
144	return true;
145	}
146
147	return false;
148	}
149
150	struct variable_validate {
151	efi_guid_t vendor;
152	char *name;
153	bool (validate)(efi_char16_t var_name, int match, u8 *data,
154	unsigned long len);
155	};
156
157	/*
158	* This is the list of variables we need to validate, as well as the
159	* whitelist for what we think is safe not to default to immutable.
160	*
161	* If it has a validate() method that's not NULL, it'll go into the
162	* validation routine. If not, it is assumed valid, but still used for
163	* whitelisting.
164	*
165	* Note that it's sorted by {vendor,name}, but globbed names must come after
166	* any other name with the same prefix.
167	*/
168	static const struct variable_validate variable_validate[] = {
169	{ EFI_GLOBAL_VARIABLE_GUID, "BootNext", validate_uint16 },
170	{ EFI_GLOBAL_VARIABLE_GUID, "BootOrder", validate_boot_order },
171	{ EFI_GLOBAL_VARIABLE_GUID, "Boot*", validate_load_option },
172	{ EFI_GLOBAL_VARIABLE_GUID, "DriverOrder", validate_boot_order },
173	{ EFI_GLOBAL_VARIABLE_GUID, "Driver*", validate_load_option },
174	{ EFI_GLOBAL_VARIABLE_GUID, "ConIn", validate_device_path },
175	{ EFI_GLOBAL_VARIABLE_GUID, "ConInDev", validate_device_path },
176	{ EFI_GLOBAL_VARIABLE_GUID, "ConOut", validate_device_path },
177	{ EFI_GLOBAL_VARIABLE_GUID, "ConOutDev", validate_device_path },
178	{ EFI_GLOBAL_VARIABLE_GUID, "ErrOut", validate_device_path },
179	{ EFI_GLOBAL_VARIABLE_GUID, "ErrOutDev", validate_device_path },
180	{ EFI_GLOBAL_VARIABLE_GUID, "Lang", validate_ascii_string },
181	{ EFI_GLOBAL_VARIABLE_GUID, "OsIndications", NULL },
182	{ EFI_GLOBAL_VARIABLE_GUID, "PlatformLang", validate_ascii_string },
183	{ EFI_GLOBAL_VARIABLE_GUID, "Timeout", validate_uint16 },
184	{ LINUX_EFI_CRASH_GUID, "*", NULL },
185	{ NULL_GUID, "", NULL },
186	};
187
188	/*
189	* Check if @var_name matches the pattern given in @match_name.
190	*
191	* @var_name: an array of @len non-NUL characters.
192	* @match_name: a NUL-terminated pattern string, optionally ending in "*". A
193	* final "*" character matches any trailing characters @var_name,
194	* including the case when there are none left in @var_name.
195	* @match: on output, the number of non-wildcard characters in @match_name
196	* that @var_name matches, regardless of the return value.
197	* @return: whether @var_name fully matches @match_name.
198	*/
199	static bool
200	variable_matches(const char var_name, size_t len, const char match_name,
201	int *match)
202	{
203	for (match = 0; ; (match)++) {
204	char c = match_name[*match];
205
206	switch (c) {
207	case '*':
208	/* Wildcard in @match_name means we've matched. */
209	return true;
210
211	case '\0':
212	/* @match_name has ended. Has @var_name too? */
213	return (*match == len);
214
215	default:
216	/*
217	* We've reached a non-wildcard char in @match_name.
218	* Continue only if there's an identical character in
219	* @var_name.
220	*/
221	if (match < len && c == var_name[match])
222	continue;
223	return false;
224	}
225	}
226	}
227
228	bool
229	efivar_validate(efi_guid_t vendor, efi_char16_t var_name, u8 data,
230	unsigned long data_size)
231	{
232	int i;
233	unsigned long utf8_size;
234	u8 *utf8_name;
235
236	utf8_size = ucs2_utf8size(var_name);
237	utf8_name = kmalloc(utf8_size + 1, GFP_KERNEL);
238	if (!utf8_name)
239	return false;
240
241	ucs2_as_utf8(utf8_name, var_name, utf8_size);
242	utf8_name[utf8_size] = '\0';
243
244	for (i = 0; variable_validate[i].name[0] != '\0'; i++) {
245	const char *name = variable_validate[i].name;
246	int match = 0;
247
248	if (efi_guidcmp(vendor, variable_validate[i].vendor))
249	continue;
250
251	if (variable_matches(utf8_name, utf8_size+1, name, &match)) {
252	if (variable_validate[i].validate == NULL)
253	break;
254	kfree(utf8_name);
255	return variable_validate[i].validate(var_name, match,
256	data, data_size);
257	}
258	}
259	kfree(utf8_name);
260	return true;
261	}
262
263	bool
264	efivar_variable_is_removable(efi_guid_t vendor, const char *var_name,
265	size_t len)
266	{
267	int i;
268	bool found = false;
269	int match = 0;
270
271	/*
272	* Check if our variable is in the validated variables list
273	*/
274	for (i = 0; variable_validate[i].name[0] != '\0'; i++) {
275	if (efi_guidcmp(variable_validate[i].vendor, vendor))
276	continue;
277
278	if (variable_matches(var_name, len,
279	variable_validate[i].name, &match)) {
280	found = true;
281	break;
282	}
283	}
284
285	/*
286	* If it's in our list, it is removable.
287	*/
288	return found;
289	}
290
291	static bool variable_is_present(efi_char16_t variable_name, efi_guid_t vendor,
292	struct list_head *head)
293	{
294	struct efivar_entry entry, n;
295	unsigned long strsize1, strsize2;
296	bool found = false;
297
298	strsize1 = ucs2_strsize(variable_name, 1024);
299	list_for_each_entry_safe(entry, n, head, list) {
300	strsize2 = ucs2_strsize(entry->var.VariableName, 1024);
301	if (strsize1 == strsize2 &&
302	!memcmp(variable_name, &(entry->var.VariableName),
303	strsize2) &&
304	!efi_guidcmp(entry->var.VendorGuid,
305	*vendor)) {
306	found = true;
307	break;
308	}
309	}
310	return found;
311	}
312
313	/*
314	* Returns the size of variable_name, in bytes, including the
315	* terminating NULL character, or variable_name_size if no NULL
316	* character is found among the first variable_name_size bytes.
317	*/
318	static unsigned long var_name_strnsize(efi_char16_t *variable_name,
319	unsigned long variable_name_size)
320	{
321	unsigned long len;
322	efi_char16_t c;
323
324	/*
325	* The variable name is, by definition, a NULL-terminated
326	* string, so make absolutely sure that variable_name_size is
327	* the value we expect it to be. If not, return the real size.
328	*/
329	for (len = 2; len <= variable_name_size; len += sizeof(c)) {
330	c = variable_name[(len / sizeof(c)) - 1];
331	if (!c)
332	break;
333	}
334
335	return min(len, variable_name_size);
336	}
337
338	/*
339	* Print a warning when duplicate EFI variables are encountered and
340	* disable the sysfs workqueue since the firmware is buggy.
341	*/
342	static void dup_variable_bug(efi_char16_t str16, efi_guid_t vendor_guid,
343	unsigned long len16)
344	{
345	size_t i, len8 = len16 / sizeof(efi_char16_t);
346	char *str8;
347
348	str8 = kzalloc(len8, GFP_KERNEL);
349	if (!str8)
350	return;
351
352	for (i = 0; i < len8; i++)
353	str8[i] = str16[i];
354
355	printk(KERN_WARNING "efivars: duplicate variable: %s-%pUl\n",
356	str8, vendor_guid);
357	kfree(str8);
358	}
359
360	/**
361	* efivar_init - build the initial list of EFI variables
362	* @func: callback function to invoke for every variable
363	* @data: function-specific data to pass to @func
2d82e622 AB	364	* @head: initialised head of variable list
	365	*
	366	* Get every EFI variable from the firmware and invoke @func. @func
	367	* should call efivar_entry_add() to build the list of variables.
	368	*
	369	* Returns 0 on success, or a kernel error code on failure.
	370	*/
cdb46a8a AB	371	int efivar_init(int (func)(efi_char16_t , efi_guid_t, unsigned long, void *,
cdb46a8a AB	372	struct list_head *),
2ce507f5	373	void data, struct list_head head)
2d82e622	374	{
f45812cc	375	unsigned long variable_name_size = 512;
2d82e622 AB	376	efi_char16_t *variable_name;
	377	efi_status_t status;
	378	efi_guid_t vendor_guid;
	379	int err = 0;
	380
	381	variable_name = kzalloc(variable_name_size, GFP_KERNEL);
	382	if (!variable_name) {
	383	printk(KERN_ERR "efivars: Memory allocation failed.\n");
	384	return -ENOMEM;
	385	}
	386
	387	err = efivar_lock();
	388	if (err)
	389	goto free;
	390
	391	/*
f45812cc TS	392	* A small set of old UEFI implementations reject sizes
	393	* above a certain threshold, the lowest seen in the wild
	394	* is 512.
2d82e622 AB	395	*/
	396
	397	do {
f45812cc	398	variable_name_size = 512;
2d82e622 AB	399
	400	status = efivar_get_next_variable(&variable_name_size,
	401	variable_name,
	402	&vendor_guid);
	403	switch (status) {
	404	case EFI_SUCCESS:
	405	variable_name_size = var_name_strnsize(variable_name,
	406	variable_name_size);
	407
	408	/*
	409	* Some firmware implementations return the
	410	* same variable name on multiple calls to
	411	* get_next_variable(). Terminate the loop
	412	* immediately as there is no guarantee that
	413	* we'll ever see a different variable name,
	414	* and may end up looping here forever.
	415	*/
2ce507f5	416	if (variable_is_present(variable_name, &vendor_guid,
2d82e622 AB	417	head)) {
	418	dup_variable_bug(variable_name, &vendor_guid,
	419	variable_name_size);
	420	status = EFI_NOT_FOUND;
	421	} else {
	422	err = func(variable_name, vendor_guid,
cdb46a8a	423	variable_name_size, data, head);
2d82e622 AB	424	if (err)
	425	status = EFI_NOT_FOUND;
	426	}
	427	break;
	428	case EFI_UNSUPPORTED:
	429	err = -EOPNOTSUPP;
	430	status = EFI_NOT_FOUND;
	431	break;
	432	case EFI_NOT_FOUND:
	433	break;
f45812cc TS	434	case EFI_BUFFER_TOO_SMALL:
	435	pr_warn("efivars: Variable name size exceeds maximum (%lu > 512)\n",
	436	variable_name_size);
	437	status = EFI_NOT_FOUND;
	438	break;
2d82e622	439	default:
f45812cc	440	pr_warn("efivars: get_next_variable: status=%lx\n", status);
2d82e622 AB	441	status = EFI_NOT_FOUND;
	442	break;
	443	}
	444
	445	} while (status != EFI_NOT_FOUND);
	446
	447	efivar_unlock();
	448	free:
	449	kfree(variable_name);
	450
	451	return err;
	452	}
	453
	454	/**
	455	* efivar_entry_add - add entry to variable list
	456	* @entry: entry to add to list
	457	* @head: list head
	458	*
	459	* Returns 0 on success, or a kernel error code on failure.
	460	*/
	461	int efivar_entry_add(struct efivar_entry entry, struct list_head head)
	462	{
	463	int err;
	464
	465	err = efivar_lock();
	466	if (err)
	467	return err;
	468	list_add(&entry->list, head);
	469	efivar_unlock();
	470
	471	return 0;
	472	}
	473
	474	/**
	475	* __efivar_entry_add - add entry to variable list
	476	* @entry: entry to add to list
	477	* @head: list head
	478	*/
	479	void __efivar_entry_add(struct efivar_entry entry, struct list_head head)
	480	{
	481	list_add(&entry->list, head);
	482	}
	483
	484	/**
	485	* efivar_entry_remove - remove entry from variable list
	486	* @entry: entry to remove from list
	487	*
	488	* Returns 0 on success, or a kernel error code on failure.
	489	*/
	490	void efivar_entry_remove(struct efivar_entry *entry)
	491	{
	492	list_del(&entry->list);
	493	}
	494
	495	/*
	496	* efivar_entry_list_del_unlock - remove entry from variable list
	497	* @entry: entry to remove
	498	*
	499	* Remove @entry from the variable list and release the list lock.
	500	*
	501	* NOTE: slightly weird locking semantics here - we expect to be
	502	* called with the efivars lock already held, and we release it before
	503	* returning. This is because this function is usually called after
	504	* set_variable() while the lock is still held.
505	*/
506	static void efivar_entry_list_del_unlock(struct efivar_entry *entry)
507	{
508	list_del(&entry->list);
509	efivar_unlock();
510	}
511
512	/**
513	* efivar_entry_delete - delete variable and remove entry from list
514	* @entry: entry containing variable to delete
515	*
516	* Delete the variable from the firmware and remove @entry from the
517	* variable list. It is the caller's responsibility to free @entry
518	* once we return.
519	*
520	* Returns 0 on success, -EINTR if we can't grab the semaphore,
521	* converted EFI status code if set_variable() fails.
522	*/
523	int efivar_entry_delete(struct efivar_entry *entry)
524	{
525	efi_status_t status;
526	int err;
527
528	err = efivar_lock();
529	if (err)
530	return err;
531
532	status = efivar_set_variable_locked(entry->var.VariableName,
533	&entry->var.VendorGuid,
534	0, 0, NULL, false);
535	if (!(status == EFI_SUCCESS \|\| status == EFI_NOT_FOUND)) {
536	efivar_unlock();
537	return efi_status_to_err(status);
538	}
539
540	efivar_entry_list_del_unlock(entry);
541	return 0;
542	}
543
544	/**
545	* efivar_entry_size - obtain the size of a variable
546	* @entry: entry for this variable
547	* @size: location to store the variable's size
548	*/
549	int efivar_entry_size(struct efivar_entry entry, unsigned long size)
550	{
551	efi_status_t status;
552	int err;
553
554	*size = 0;
555
556	err = efivar_lock();
557	if (err)
558	return err;
559
560	status = efivar_get_variable(entry->var.VariableName,
561	&entry->var.VendorGuid, NULL, size, NULL);
562	efivar_unlock();
563
564	if (status != EFI_BUFFER_TOO_SMALL)
565	return efi_status_to_err(status);
566
567	return 0;
568	}
569
570	/**
571	* __efivar_entry_get - call get_variable()
572	* @entry: read data for this variable
573	* @attributes: variable attributes
574	* @size: size of @data buffer
575	* @data: buffer to store variable data
576	*
577	* The caller MUST call efivar_entry_iter_begin() and
578	* efivar_entry_iter_end() before and after the invocation of this
579	* function, respectively.
580	*/
581	int __efivar_entry_get(struct efivar_entry entry, u32 attributes,
582	unsigned long size, void data)
583	{
584	efi_status_t status;
585
586	status = efivar_get_variable(entry->var.VariableName,
587	&entry->var.VendorGuid,
588	attributes, size, data);
589
590	return efi_status_to_err(status);
591	}
592
593	/**
594	* efivar_entry_get - call get_variable()
595	* @entry: read data for this variable
596	* @attributes: variable attributes
597	* @size: size of @data buffer
598	* @data: buffer to store variable data
599	*/
600	int efivar_entry_get(struct efivar_entry entry, u32 attributes,
601	unsigned long size, void data)
602	{
603	int err;
604
605	err = efivar_lock();
606	if (err)
607	return err;
608	err = __efivar_entry_get(entry, attributes, size, data);
609	efivar_unlock();
610
611	return 0;
612	}
613
614	/**
615	* efivar_entry_set_get_size - call set_variable() and get new size (atomic)
616	* @entry: entry containing variable to set and get
617	* @attributes: attributes of variable to be written
618	* @size: size of data buffer
619	* @data: buffer containing data to write
620	* @set: did the set_variable() call succeed?
621	*
622	* This is a pretty special (complex) function. See efivarfs_file_write().
623	*
624	* Atomically call set_variable() for @entry and if the call is
625	* successful, return the new size of the variable from get_variable()
626	* in @size. The success of set_variable() is indicated by @set.
627	*
628	* Returns 0 on success, -EINVAL if the variable data is invalid,
629	* -ENOSPC if the firmware does not have enough available space, or a
630	* converted EFI status code if either of set_variable() or
631	* get_variable() fail.
632	*
633	* If the EFI variable does not exist when calling set_variable()
634	* (EFI_NOT_FOUND), @entry is removed from the variable list.
635	*/
636	int efivar_entry_set_get_size(struct efivar_entry *entry, u32 attributes,
637	unsigned long size, void data, bool *set)
638	{
639	efi_char16_t *name = entry->var.VariableName;
640	efi_guid_t *vendor = &entry->var.VendorGuid;
641	efi_status_t status;
642	int err;
643
644	*set = false;
645
646	if (efivar_validate(vendor, name, data, size) == false)
647	return -EINVAL;
648
649	/*
650	* The lock here protects the get_variable call, the conditional
651	* set_variable call, and removal of the variable from the efivars
652	* list (in the case of an authenticated delete).
653	*/
654	err = efivar_lock();
655	if (err)
656	return err;
657
2d82e622 AB	658	status = efivar_set_variable_locked(name, vendor, attributes, *size,
	659	data, false);
	660	if (status != EFI_SUCCESS) {
	661	err = efi_status_to_err(status);
	662	goto out;
	663	}
	664
	665	*set = true;
	666
	667	/*
	668	* Writing to the variable may have caused a change in size (which
	669	* could either be an append or an overwrite), or the variable to be
	670	* deleted. Perform a GetVariable() so we can tell what actually
	671	* happened.
	672	*/
	673	*size = 0;
	674	status = efivar_get_variable(entry->var.VariableName,
	675	&entry->var.VendorGuid,
	676	NULL, size, NULL);
	677
	678	if (status == EFI_NOT_FOUND)
	679	efivar_entry_list_del_unlock(entry);
	680	else
	681	efivar_unlock();
	682
	683	if (status && status != EFI_BUFFER_TOO_SMALL)
	684	return efi_status_to_err(status);
	685
	686	return 0;
	687
	688	out:
	689	efivar_unlock();
	690	return err;
	691
	692	}
	693
	694	/**
	695	* efivar_entry_iter - iterate over variable list
	696	* @func: callback function
	697	* @head: head of variable list
	698	* @data: function-specific data to pass to callback
	699	*
	700	* Iterate over the list of EFI variables and call @func with every
	701	* entry on the list. It is safe for @func to remove entries in the
	702	* list via efivar_entry_delete() while iterating.
	703	*
	704	* Some notes for the callback function:
	705	* - a non-zero return value indicates an error and terminates the loop
	706	* - @func is called from atomic context
	707	*/
	708	int efivar_entry_iter(int (func)(struct efivar_entry , void *),
	709	struct list_head head, void data)
	710	{
	711	struct efivar_entry entry, n;
	712	int err = 0;
	713
	714	err = efivar_lock();
	715	if (err)
	716	return err;
	717
	718	list_for_each_entry_safe(entry, n, head, list) {
	719	err = func(entry, data);
	720	if (err)
	721	break;
722	}
723	efivar_unlock();
724
725	return err;
726	}